Xiaoqian

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-built for meeting export, but it includes reusable government-platform credentials and can automatically use them to access and export sensitive meeting data.

Install only if you are authorized to access this Jiangsu MSA system and are comfortable with the exposed shared credentials being used. The publisher should remove and rotate the embedded password, require user-provided credentials, document the output path and retention behavior, and pin dependencies before this is treated as routine.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill embeds a live-looking username and password directly in the skill file and describes automatic login to an external government platform without a prominent user warning. Hardcoded credentials are a severe secret-exposure issue: anyone with access to the skill can reuse them, and automatic invocation could cause unauthorized access, account abuse, or leakage of sensitive meeting data.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script embeds default credentials directly in source code and uses them automatically if environment variables are absent. Hardcoded credentials are dangerous because they can be extracted from the code, reused by unauthorized parties, and may grant direct access to an internal government meeting system containing sensitive scheduling and participant data.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script writes meeting data to local Excel and JSON files automatically, including a second backup copy, without explicit user confirmation or data-sensitivity warning. In this context, the exported content may include internal meeting titles, attendees, locations, and departments, increasing the risk of unintended local disclosure, over-retention, or pickup by other processes/users on the host.

Unpinned Dependencies

Low
Category
Supply Chain
Content
selenium>=4.15.0
pandas>=2.0.0
openpyxl>=3.1.0
webdriver-manager>=4.0.0
Confidence
95% confidence
Finding
selenium>=4.15.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
selenium>=4.15.0
pandas>=2.0.0
openpyxl>=3.1.0
webdriver-manager>=4.0.0
Confidence
90% confidence
Finding
pandas>=2.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
selenium>=4.15.0
pandas>=2.0.0
openpyxl>=3.1.0
webdriver-manager>=4.0.0
Confidence
92% confidence
Finding
openpyxl>=3.1.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
selenium>=4.15.0
pandas>=2.0.0
openpyxl>=3.1.0
webdriver-manager>=4.0.0
Confidence
88% confidence
Finding
webdriver-manager>=4.0.0

VirusTotal

56/56 vendors flagged this skill as clean.
